San Mateo, Calif. - May 31, 2005 - TriCipher, Inc., the innovator of strong authentication for the real world, today announced that it has been granted a new patent for password protection technology by the United States Patent and Trademark Office. TriCipher's patented technology leverages open standards to deliver a manageable, user friendly and cost effective authentication platform that can easily be integrated into an organizations existing security infrastructure.

TriCipher, which owns, and licenses exclusively from Verizon Communications, an extensive patent portfolio in strong authentication, has been issued U.S. patent number 6,883,095 for a system that protects passwords from two key vulnerabilities: guessing attacks and denial of service attacks. The technology, called "password throttling", is already implemented on TriCipher's industry-leading strong authentication and security solution, the TriCipher Armored Credential SystemTM (TACS), and is being used by healthcare, financial services, and government organizations to protect information assets.

Passwords continue to be a popular method for authenticating users, either alone or in combination with other factors, such as hardware tokens. One of the intrinsic vulnerabilities of password-based authentication is the ability of an attacker to try to guess a user's password through multiple login attempts. The traditional method for preventing password guessing is to limit the number of incorrect authentication attempts. For example, after five failed login attempts, the user is locked out for a certain period. However, this solution opens the door to another vulnerability - denial of service. Given a list of corporate user accounts, an attacker could for example, launch a wave of unsuccessful login attempts against a corporate website. All users of the target system would quickly be locked out, resulting in productivity losses for the company.

The technology covered by this patent resolves this dilemma by increasing the computational effort required by each successive online guess. A legitimate user who is entering a password for the second or third time would barely notice the added effort, but an attacker who has to try hundreds or thousands of guesses would quickly run out of resources.

"Over the years, attacks against identity systems have increased considerably," said Ravi Sandhu, Chief Scientist, TriCipher and professor of Information Security and Assurance at George Mason University. "At the same time, password guessing and the fact that users must be locked out to prevent the attack have reduced the effectiveness of passwords as an authentication mechanism. With the invention of this technology, password-based systems are more secure."

"This patent is part of a portfolio of TriCipher-developed technology innovations for strong authentication," said Ravi Ganesan, founder and CEO of TriCipher. "Most authentication systems out there today are at least 20 years old. We are approaching authentication in a new way, finding the balance between security, ease of use and total cost of ownership. This new patent reflects our ability to deliver innovative solutions that solve real world problems."

TriCipher currently owns or has exclusive license to 10 patents in the areas of cryptography, strong authentication, and identity protection and has several more pending.

About TriCipher, Inc.
TriCipher, Inc. provides strong authentication for the real world. The first authentication system that issues multiple types of credentials from a single infrastructure, the TriCipher Armored Credential System (TACS) allows for authentication strength to change in response to new threats without any infrastructure changes. Our patented technology fills the gap between authentication systems that are either not secure enough or too hard to use and deploy. TriCipher's innovative approach to strong multi-factor authentication protects against phishing and eliminates dictionary attacks. Founded in 2000, TriCipher is headquartered in San Mateo, California. The Company was incubated as NSD Security before launching as a separate entity in 2005. Investors in TriCipher are ArrowPath Venture Capital, Intel Capital, Trident Capital and Wasatch Venture Partners. For more information, please visit www.tricipher.com .

Use of this site is governed by our Terms of Use and Privacy Policy.
Copyright 1996- Ziff Davis, LLC. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission
of Ziff Davis, LLC. is prohibited.PCMag Digital GroupAdChoice